Gen Digital Inc

Exchange: NASDAQ | Sector: Technology | Industry: Software - Infrastructure

NortonLifeLock Inc. is a global leader in consumer Cyber Safety, protecting and empowering people to live their digital lives safely. We are the consumer's trusted ally in an increasingly complex and connected world.

Did you know?

Currently near its 52-week low — in the bottom 0% of its range.

Current Price: $18.37 (-2.75%)

GoodMoat Value: $18.82 (2.4% undervalued)
Valuation (TTM)
Market Cap: $11.33B
P/E: 18.79
EV: $20.75B
P/B: 4.99
Shares Out: 616.72M
P/Sales: 2.40
Revenue: $4.73B
EV/EBITDA: 8.69

Gen Digital Inc (GEN) — Q3 2016 Earnings Call Transcript

Apr 5, 2026 | 12 speakers | 7,955 words | 46 segments
Jonathan Doros, IR

Thank you. Good afternoon and thank you for joining our call to discuss third quarter 2016 earnings results. By now, you should have had the opportunity to review our earnings release and supplemental information. We have also posted a presentation and prepared remarks to our Investor Relations events web page. Speakers on today's call are Mike Brown, Symantec's President and CEO; and Thomas Seifert, Executive Vice President and CFO. This is a live call that will be available for replay via webcast on our website. I'd like to remind everyone that all references to financial metrics are non-GAAP unless otherwise stated. Implied billings refer to revenue plus a change in sequential deferred revenue. We provide constant currency growth rates in our prepared remarks, except for statements about net income and EPS. I would like to take this opportunity to highlight a few dates for you. Mike Brown will be presenting at the Morgan Stanley Technology Conference on February 29 and attending the JMP technology conference on March 1 in San Francisco. Thomas Seifert will be presenting at the Raymond James Institutional Investor Conference in Orlando on March 7. We intend to announce fourth quarter earnings on May 12 and will be hosting a financial Analyst Day on May 26 in New York City. Please note, non-GAAP financial measures referenced during this call are reconciled to their comparable GAAP financial measures in the press release and supplemental materials posted on our website. Today's call contains forward-looking statements based on the environment as we currently see it. Those statements are based on current beliefs, assumptions and expectations, speak only as of the current date and as such, involve risks and uncertainties that may cause actual results to differ materially from our current expectations. Please refer to the cautionary statement in our press release for more information. 
You will also find a detailed discussion about our risk factors in our filings with the SEC and in particular, in our annual report on Form 10-K in the year ended April 3, 2015. In connection with the Veritas sale, we have provided seven quarters of recast GAAP and non-GAAP financial income statements, third quarter and prior year-end balance sheets and GAAP cash flow statements of the trailing three quarters and FY '15. All non-GAAP revenue and expenses exclude the impact of Veritas; however, the continuing operations deferred revenue on the balance sheet and the change in deferred revenue from the cash flow statement includes a portion of Veritas deferred revenue from Symantec and Veritas bundled contracts entered into prior to operational separation. The Veritas deferred revenue from those contracts will amortize into discontinued operations. As a result, implied billings growth calculated from change in deferred on the balance sheet or cash flow statement will not be representative of standalone Symantec's performance, as it will include an impact from Veritas. This quarter and going forward, we will disclose the amount of deferred revenue on the balance sheet that will represent standalone Symantec for calculating implied billings. And now, I would like to introduce our CEO, Mike Brown. Go ahead, Mike.

Mike Brown, President & CEO

Thanks, Jonathan and good afternoon. I am pleased first to announce that Silver Lake Partners has made a $500-million strategic investment which is a strong vote of confidence in both our transformation, as well as our future as a world leader in cybersecurity. Additionally, I'm excited to have Ken Hao, Silver Lake managing partner join our Board, given his deep expertise in technology and track record of creating value. As you know, we have been undergoing a three-year transformation which began in April 2014. At that time, we laid out five priorities that we had since successfully executed against. First, managing our businesses with a portfolio approach which included divesting Veritas and improving the profitability of our consumer business, while we invest for growth in enterprise security. Second, within enterprise security, we have been investing for growth by reallocating R&D spending to high-growth markets. Third, improving our cost structure where we have improved non-GAAP operating margins to 28% this quarter. Fourth, building a talented executive team, including new C-level leadership across most major functions. And fifth, returning significant cash to shareholders, with $2.1 billion in total share repurchases and dividends since April 2014. During this period, we also developed a well-articulated strategy for our security business which we call Unified Security. This strategy leverages our key competitive differentiator - the global scale and footprint of our large install base, where we can correlate threats that our products and services see with Symantec's global intelligence network, monitoring over 8 trillion objects globally and in real time. After completing the divestiture of Veritas we're a more focused Company as the world's leader in cybersecurity. The second half of our transformation plan began last October and is focused on four priorities. 
Number one, delivering upon a product roadmap that leverages our Unified Security strategy; number two, building our enterprise security pipeline and go-to-market capabilities; number three, improving our cost structure further; and number four, continuing to efficiently allocate capital. I'll now cover each one of these priorities, starting with the first, delivering upon a product roadmap that leverages our Unified Security strategy. On a daily basis, chief information security officers and security operations analysts are overwhelmed by the vast number of security alerts that make it difficult to pinpoint advanced threats attacking their IT environment. Furthermore, attacks are constantly evolving and leveraging a variety of techniques. This leaves traditional point solution vendors, who are only focused on a specific attack method, at a disadvantage. Protecting against these advanced attacks involves a unified approach to security to guard against multiple attack methods and understanding global threats in real time. This is Symantec's strategy which leverages our install base and competitive differentiation in using a big data approach to understand more about the threat landscape than any of our competitors. The first generation of product, leveraging our Unified Security strategy, includes new solutions in the areas of advanced threat protection, data loss prevention, cybersecurity services and applications that run on our Unified Security analytics platform. In total, we have launched six of the twelve new enterprise security products we outlined last year at our financial Analyst Day. We plan to release the remaining half within the next two quarters and have an additional set of new products in the pipeline for the second half of FY '17. 
The first three of these, our newly released advanced threat protection or ATP solutions, harness threat telemetry from the major control points of endpoint, email, and network to not only detect, correlate, and prioritize but also remediate threats. This solution does this all from one console without adding an additional endpoint agent. Key differentiators of Symantec's ATP approach are a cloud-based expandable sandboxing capability that works without expensive on-premise hardware, as well as the ability to correlate threats across control points within an enterprise and against Symantec's global real-time intelligence network. In recent independent third-party testing from NearCom and Dennis Technology Labs, Symantec's ATP solutions received the highest scores across all test categories against vendors including FireEye, Cisco, Palo Alto Networks and Fortinet, meaning we stopped more attacks and blocked more threats with fewer false positives than any of our competitors. Our ATP solutions build upon a key core offering, Symantec's Endpoint Protection or SEP, which is our largest product line within enterprise security and which is delivering next-generation endpoint protection today. Many competitors are delivering only a subset of endpoint protection techniques. As a result, customers would be required to install numerous agents on their endpoints to match the same level of protection that we deliver today with SEP. This slows performance at the endpoint and is cumbersome to manage. Symantec Endpoint Protection already combines multiple advanced protection engines across intrusion prevention, whitelist, behavior-based machine learning, signature-less detection of malware and suspicious activity, automation, application control, clustering, and remediation, all deployed from a single agent. 
This layered approach which incorporates multiple protection engines, goes far beyond antivirus in delivering next-generation capability which is already being delivered to our more than 300,000 endpoint customers, protecting over 110 million endpoints and enterprises. This is the install base for which we're targeting our ATP solution. In our cybersecurity service offering, Symantec is also delivering Unified Security capabilities to customers through our Managed Security offering. This service monitors Symantec solutions, as well as third-party security products, to correlate threats against Symantec's global real-time intelligence network. In many cases, our Managed Security service operates side by side with existing customer Security Operations Centers (SoC) to act as complementary protection or a later defense against attackers. Symantec has been named a leader twelve times in the Gartner Magic Quadrant for Managed Security services. Finally, we will also deliver Unified Security capability through new applications that will sit on top of our analytics platform and leverage the vast threat data we see globally and in real time. Risk Insight, which benchmarks an enterprise's security posture against peers, is the first in a series of applications we plan to build on top of this platform. The solution is currently running in beta at a large financial services company and will become generally available this quarter. We’re excited about this wave of innovation at Symantec which is resulting in the most robust organically developed product cycle in our history. Now on to the second of our four priorities, which is building our enterprise security pipeline by improving our go-to-market capability. Building a robust pipeline incorporates strong brand recognition, a robust channel program, lead generation, and focused sales plays. 
To educate the channel on our next-generation security portfolio and product roadmap, we conducted partner conferences across our three major geographies and special training sessions which included meeting with over 1,000 partners. During the quarter, we saw early momentum from the global system integrators and are now focusing to further enable our VARs, distributors, service providers, and cloud providers. Additionally, we have launched a set of focused field sales plays aimed at driving new product sales in our install base, as well as replacing competition. For example, our ATP cross-sell campaign has identified over 3,000 accounts that have an SEP installation which represent over tens of millions of control points. Within those accounts, we have identified a subset that are immediate candidates for our ATP solution over the next five quarters, as they have an upcoming endpoint or email renewal. We're already seeing positive results, despite ATP only being generally available for just over 30 days. As of February 1, we had nearly 1,200 customers that have either attended an ATP webinar or engaged with a Symantec expert. Over 350 customers are actively evaluating our ATP solution and dozens of initial wins. One of the most notable wins was with a U.S. food manufacturer and existing SEP and email customer who purchased our full ATP endpoint, email, and gateway solution to monitor over 10,000 control points. This customer reviewed competitive offerings and selected Symantec, given our integrated suite, single console, and no need to deploy a new endpoint agent. Another example of a new go-to-market offering is how we're helping customers securely transition to Office 365 by leveraging our recently launched bundle that includes DLP for cloud, user authentication, and our cloud email solution. 
Our Office 365 solution provides customers a cloud-based solution that secures inbound and outbound data for customers as they transition those workloads and associated administration to the cloud. With cloud-based workloads, it's even more important to ensure an authorized user is accessing information, that it's encrypted traffic, and that data that shouldn't leave a customer's environment doesn't leave. Symantec's bundle combines these security capabilities for our customers. We're currently in discussions with many existing and prospective customers who plan to migrate tens of thousands of users to Office 365. Some will be brand-new wins for us, and others will be an upsell opportunity. Our third priority is continuing to improve our cost structure now that the divestiture of Veritas is complete. We're announcing today a target of $400 million in cost reductions to be achieved over the next two years. Specifically, over the next 18 months, we plan to eliminate $130 million of Transition Services Agreements (TSAs) and stranded costs resulting from the sale of Veritas, of which there are large opportunities in the areas of IT infrastructure and real estate. Beyond the impact of TSAs and stranded costs, we believe we can achieve further reductions across the Company. The majority of these incremental savings will benefit us in FY '18 and beyond. As a result, we expect to reach a 30% operating margin as we enter FY '18. Now our fourth priority is capital allocation. Our management team and Board believe proper capital allocation is key to maximizing long term shareholder value and we have demonstrated this with a consistent track record of returning capital through dividends and share buybacks. 
We continue that consistent track record with our announcement today that we will return $5 billion in additional capital to shareholders by the end of March 2017 through a special dividend and share repurchases, bringing our total capital return in connection with the Veritas transaction to $5.5 billion. Next, I'd like to provide an overview of Q3 results. Enterprise security revenue increased 1% year over year, the third consecutive quarter of revenue growth driven by 15% growth from information protection. Specifically, DLP again grew double digits. We're witnessing a resurgence in DLP demand across industries beyond the traditional verticals of financial services and healthcare that we've sold into, as more organizations realize they need to secure their intellectual property. We're the best-positioned Company to capitalize on this opportunity which is further demonstrated by our market share which is twice the size of the closest competition and our recognition as a leader in Gartner's January 2016 data-loss prevention Magic Quadrant. Moving to our consumer security business, revenues here declined 6% which was at the better end of our down 6% to 8% expectation and an improvement from Q2. During the quarter, we signed an agreement with a large Indian telco to provide paid mobile security services to their customers. This is significant, as monetizing the mobile opportunity is still in its infancy compared to traditional form factor. We believe mobile security sold through partners will be one of the levers to return the consumer business to growth over the long term. As Thomas will describe in more detail, we're on track to convert our entire customer base to a subscription service and acquire more new customers directly online. Further, as we execute against our broader consumer product roadmap, we will expand the Norton offering to address broader personal privacy and home IoT security opportunities. 
In summary, I believe we're well-positioned for acceleration in FY '17. Our consumer business will see moderating declines while remaining extremely profitable at greater than 50% operating margin. We expect our enterprise security business to continue to grow in FY '17 based on the strengthening product portfolio and building pipeline. Finally, we have a focused organization to execute against our priorities. Now I'll turn it over to Thomas to provide a review of our third quarter financial results and guidance for our fourth quarter.

Thomas Seifert, EVP, CFO

Thank you, Mike and good afternoon. Third quarter total revenue was $909 million, a decline of 2% year over year, and was above the mid-point of our guided range on a constant-currency led basis. In Q3, approximately 88% of revenue is recurring in nature, 5% is perpetual and 7% is from services. Over time, we expect recurring revenue to become a larger portion of overall revenue, as more products are sold as a subscription. Deferred revenue was $2.5 billion, which includes $396 million deferred revenue from Veritas. Implied billings, excluding Veritas, were $865 million. The U.S. dollar appreciated against most major currencies compared to the year-ago period which created a headwind of approximately $40 million to third quarter revenue on a year-over-year basis. Non-GAAP operating margin for the third quarter was 27.9% and exceeded our guided range. Excluding the impact from GSA cost, non-GAAP operating margin would have been approximately 30%, which is in line with our margin target. Non-GAAP net income was $172 million. We saw that fully diluted earnings per share of $0.26, above the high end of our guidance. Let me now provide further detail on our revenue performance by product area. Enterprise security revenue was up 1% year over year. Enterprise security operating margins were at 5%. To note, enterprise security carries a higher burden of stranded costs. Within enterprise security, threat protection was down 4% and within threat protection, endpoint protection grew in low single digits. Offsetting this growth was continued weakness in our endpoint management solution which will soon be refreshed with our newly identified endpoint management platform available this quarter. Information protection revenue grew 15%, driven by both data loss prevention and user authentication, which were both up double digits year over year. 
During the quarter, we closed over two dozen new DLP deals greater than $300,000, including one of the largest healthcare systems in the nation, where we beat out the competition to replace the legacy installation with our market-leading DLP solution. Cybersecurity services, CSS, was flat year over year. During the quarter, we opened a Singapore SoC which would further accelerate our expansion internationally. We're seeing positive underlying trends in CSS from both a secular and an execution standpoint and expect the business to improve its revenue growth performance in FY '17. Website security grew 3%. We continued to be the de facto standard for enterprise-level customers to secure their websites, which is a stable and profitable business. Beyond the enterprise, we see demand for encryption and authentication accelerating, as security and privacy imperatives and identify and applications like e-commerce grow among businesses of all sizes, which we believe represents at least $40 million additional websites worldwide of opportunity for our solutions. Now on to the Norton consumer security segment. Third quarter consumer security revenue was down 6% and operating margins were 56%. However, we're seeing improvement in the underlying fundamentals of the consumer business performance which gives us confidence that revenue performance will continue to improve. From a business modeling standpoint, we evaluate the consumer security business based on four primary factors: customer satisfaction, subscriber renewal rates, new subscriber growth and pricing. For competitive reasons, we do not quantify those metrics externally, but believe it would be helpful to directionally describe our performance. First, customer satisfaction. We track our progress through Net Promoter Score which is one of the highest in our industry and expect that metric to trend higher. Second, renewal rates. We have completed the transition to subscription globally. 
This quarter, we have reached the one-year anniversary of the transition in the U.S. and will reach the one-year anniversary in Europe at the end of the second quarter of FY '17. Customers on subscription renew at a significantly higher rate than those not on subscription. We expect renewal rates to continue to improve over the medium term as we transition more customers to subscription and the acquisition makes continuous moving towards digital channels. Third, new customer acquisition. We're focusing on acquiring more customers online and through ISPs, as those channels have proven higher lifetime values. During the quarter, new subscriptions from online again grew 8% year over year. This represents approximately half of new acquisitions. Lastly, we expect pricing to remain healthy as we deliver increased value to our customers in the form of next-generation consumer endpoint protection. Given the steady improvement in both renewal rates and new customer additions, we believe we're exiting the trough of the consumer business declines. Turning to cash flow. Cash flow from continuing operations for the December quarter totaled $153 million and includes $56 million in outflows related to separation costs. Capital expenditures were $114 million in Q3. We expect capital expenditures for Q4 to be approximately $50 million to $60 million. Now turning to capital return. As we mentioned previously, we would update our capital return plan post the completion of the Veritas sale. We will now be returning $5.5 billion, which includes the $500 million Accelerated Share Repurchase (ASR) that we executed in Q3, and an additional $5 billion capital return. The $5 billion will be executed through a $4 per-share special dividend which will amount to $2.7 billion and a $2.3 billion share repurchase program to be completed by March 2017. 
The record date for the special dividend payable to shareholders will be the close of business on March 8, 2016 and the dividend will be payable on March 22. Once we complete the special dividend, we'll initiate our stock repurchase program. We expect to execute approximately $900 million of share repurchases within Q4. After the completion of the capital return, we will have returned more cash to shareholders than the net cash proceeds from the sale of Veritas. Lastly, we're adjusting our ongoing quarterly dividend to $0.075 a share, starting in the first quarter of FY '17. This adjustment reflects our lower domestic free cash flow post Veritas sale, but still represents a significant payout ratio on domestically generated free cash flow. We're committed to increasing this dividend as free cash flow grows over time. Now turning to guidance. Our constant currency Q4 revenue guidance is down 4% to flat, which is slightly higher than our previous guidance. We now expect non-GAAP operating margin to be 26% to 28%, down slightly from our previous guidance due to a negative impact from currency. We expect non-GAAP EPS of $0.24 to $0.27, in line with our previous guidance, as a lower tax rate offsets the decrease in the operating margin expectation. We will provide FY '17 guidance when we report our Q4 results in May. In conclusion, we're seeing the underlying fundamentals of the business improve, and we're well-positioned to execute on the second half of our transformation. Now I will turn the call back over to Jon.

Jonathan Doros, IR

Thank you, Thomas. Operator, can you begin polling questions?

Operator

And we will take our first question from Raimo Lenschow with Barclays.

Raimo Lenschow, Analyst

Can you discuss your thoughts on 2017? While I understand you're not providing guidance for that year, it seems like it could be a turning point following the disruptions. How should we consider that transitioning year?

Mike Brown, President & CEO

Well, Raimo, I think we can discuss our guidance directionally, and we'll provide complete guidance when we announce next quarter. Here's our perspective: in terms of revenue, we anticipate the consumer segment to align with the outlook we have shared, which indicates a moderating decline moving forward. Our guidance is consistent with what we presented at Financial Analyst Day, and our consumer business is on track. On the enterprise side, forecasting is more challenging due to many new products as I mentioned earlier. Until we gain better visibility into how we are converting the pipeline into revenue, we prefer to be conservative in our outlook for the enterprise sector. It’s reasonable to say that we'll start from where we ended Q4 and expect modest growth from that point as we progress through FY '17. Regarding margins, we should consider a couple of factors. First, from a seasonal perspective, margins typically decrease from Q4 to Q1. Additionally, we have significant stranded costs related to supporting Veritas, which accounts for about 200 basis points of margin. If we add these 200 basis points to our reported margin of 28%, we would achieve our 30% target. However, as we move into FY '17, we expect the reported non-GAAP margins, where we cannot adjust for those stranded costs, to be around 200 basis points lower than FY '16 levels. This means we will see lower operating margins, and our goal is to eliminate $400 million in costs over two years to achieve this. By the start of the following fiscal year, FY '18, we plan to return to our target of 30%. That provides some insight into our thinking.

Raimo Lenschow, Analyst

Okay and then one follow-up question more on the business. If you think the endpoint is the one where you see a lot of extra competition coming in at the moment. You have a new product set there. How do you think about the trajectory for you to reverse the trend there?

Mike Brown, President & CEO

Did you say to reverse the trend?

Raimo Lenschow, Analyst

How do you think about the trajectory for reversing the decline and then returning to growth?

Mike Brown, President & CEO

I think the first thing I'd want to say is enterprise endpoint has been growing for us all year long, so I think we can do better there. I think when we think about the capabilities that we're bringing, especially with ATP, we see that as a big opportunity. As many of you on the call have commented, 2016 is likely to be the renaissance of the endpoint, now that we're through a major refresh of firewalls, next-generation firewalls, many CISOs are turning to the endpoint because that's where unencrypted data lives and that's where they are looking to be more effective against attacks. When we think about the combination of capabilities that we're offering, we think it's unparalleled in the marketplace. Just a couple of examples, we believe we're the only player effectively providing advanced attack protection across all vectors, so that's what our ATP solution does. You're really able to stop attacks and correlate them that might have been aimed at the network or email or endpoint; we could correlate those. The second, as I talked about in my remarks, we're using multiple advanced techniques that go well beyond static signatures, things like behavior monitoring, machine learning, global intelligence, advanced analytics. So we've already got multiple protection engines that are incorporated in step. The third would be the ability to remediate attacks; that comes with our ATP solution, so it's not just about protection but what can I do to remediate a situation. And then one of the things that Symantec has a strength in relative to some startup competitors is obviously delivering endpoint protection at scale without performance drag, because we can provide all these capabilities with a single agent. So we think we're really in an unmatched position now and adding the ATP capability gives us even stronger leadership. So we're still, as you'd expect, very excited about the endpoint. 
We think the capabilities we're adding with the ATP solutions really make us the leader again, in terms of the technology to protect, as well as remediate attacks at the endpoint.

Operator

And we will go next to Michael Turits with Raymond James.

Unidentified Analyst

Jerry Benatar in for Michael. Regarding enterprise endpoint, what trends are you observing with customers and their current antivirus solutions? Are they enhancing it with next-gen endpoint options, or are you noticing any customer turnover? Thank you.

Mike Brown, President & CEO

Thank you for that question, because I think this is the source of a lot of confusion about what's happening in the endpoint. There's a feeling that Symantec, as being a legacy vendor, really providing antivirus protection and that's all. What's true is we're providing antivirus, but when I talk about multiple protection engines, antivirus is just one of those. We often call that signature-based technology or protection, but here's where we're adding those multiple layers. So we've spent years developing, through our advanced research, these multiple techniques to protect you so that we can see what attacks are frankly coming in across the network. So frankly, the capability that stops more attacks than antivirus is something called intrusion prevention that's really scanning what is the traffic coming in over the network. That blocks more attacks than antivirus today. And we combine that with other techniques that we talked about, behavior, we use the wisdom of crowds to understand what are the reputations that endpoint users might go out to access other files or URL addresses. And again, the vast telemetry that we collect keeps reputations on those 25 billion files, 30 billion URLs. So we will block the user from going to an infected site or opening an infected file before they do that. So it's again, these multiple protection engines and techniques that allow us to provide that best protection at the end point. A lot of competitors like to think we're just antivirus, but it's far from the truth.

Unidentified Analyst

Could you explain the reasoning behind the decision to increase the special dividend while decreasing the regular dividend? Thank you.

Thomas Seifert, EVP, CFO

I believe the special dividend reflects our commitment to efficiently and promptly return the proceeds from the Veritas transaction to our shareholders. The Board has determined that the combination of the special dividend and the buyback program will achieve this goal effectively. The reduction in the regular dividend is more about our operations and their future scale, allowing us to maintain flexibility in managing our cost structure and investing in the business. We have mentioned our intention to increase the dividend if cash flow permits, but these are two distinct issues. One relates to the efficient capital return of the Veritas proceeds, while the other concerns how we adapt to a smaller operational footprint. It's important to note that even with the reduced dividend, it still represents the majority of our domestically generated cash flow going forward.

Operator

And we will go next to Keith Weiss with Morgan Stanley.

Keith Weiss (Analyst)

One top-line question and then one more strategic question. On the top-line question, focusing on the consumer side of the equation, it sounds like starting to trend in the right direction. Can you talk to us about how you guys are thinking about distribution on a going-forward basis? You're seeing good traction with electronic distribution. Is there a potential of extending that back out into maybe putting your toe in the water, getting back into some of the OEM relationships? How should we think about how you're going to get the net new subscribers from here on out, how you're going to turn that ship fully around and actually start to get growth in the consumer side of the equation? That's the revenue question. Then the strategic question is just given the big chunk of cash return that's coming from Veritas, how does this impact how you guys think about M&A and the potential for doing deals on a going-forward basis? Does this have to steer you toward smaller deals versus something larger, given that you are giving back so much of this in cash?

Mike Brown (President & CEO)

Keith, thanks for the question on the consumer business, because it gives us an opportunity to say our goal is to get the consumer business to return to growth. And we think that is achievable over the long term, meaning, over the next several years. So while we're not forecasting that for next year, as we continue to work through the transitions that we've already begun in the consumer business, we clearly see that as an opportunity; returning the business to top-line revenue growth over a longer time frame. Distribution is a key part of that. Most important for us was making sure that we built a stronger foundation for the business. That had to do with reducing the churn rate and of course, what we've done primarily there is move to a subscription. What we're seeing as we're now reaching the one-year anniversary of customers who started in a subscription is that the retention rate of those customers is significantly higher than what we had before with an auto-renewal program where they needed to proactively sign up year after year. So staying in a subscription, of course, means that they continue to be protected and pay us year after year without an opt-in. And the retention rates are significantly higher, we're already seeing that in the business. That's important because that gives us a stronger model from which to approach OEMs. So if we had lower retention rates, higher churn rates, an OEM customer doesn't make as much back. So now that we're fixing the foundation in the business, meaning improving the retention rate, now there's an opportunity to think about expanding distribution. So today, we're primarily acquiring new customers through online acquisition. Thomas talked about the fact we're up 8% year over year in terms of our online acquisitions. So one part of our channel growing there. The second part that's growing from a channel perspective is the new customers we're acquiring through large partners. 
These tend to be cable or telco companies and I talked in my remarks about the fact that a new opportunity for us there is monetizing mobile customers. We're starting to do that really for the first time. Then as we look at retail and OEM, OEM has been in decline for us, but now with a stronger model, it will be time for us to think about OEMs again. In fact, we're competing for a major OEM contract this year. So we'll have to wait and see how that plays out, but with the stronger model, we'll be in a great position to be competitive there and have that be a profitable business for Symantec which of course, as we've talked about was different with some of those OEM contracts before. They weren't profitable for us and our churn rate was such that we weren't able to generate the right lifetime customer value. Moving on to your second question about our balance sheet and strategic flexibility, we do not believe that the capital return program limits our strategic flexibility in the least. As you are aware, we'll have a very strong balance sheet going forward. We estimate we will have something in the neighborhood of $5 billion in cash as we end FY '17, with strong cash-flow generating capabilities. We do not feel it limits our strategic flexibility and we're going to continue to think about what are the right other capabilities that we'd like to add to Symantec that are tightly aligned with this Unified Security strategy.

Operator

And we will go next to John DiFucci with Jefferies.

Unidentified Analyst (Analyst)

Thanks for taking my question. I would like to discuss the enterprise business further. We observed a slight contraction in margins for that segment this quarter. How do you envision the possibility of margin expansion there while balancing investments for growth and achieving your corporate margin goals?

Thomas Seifert (EVP, CFO)

I think I said it in my part that the slight decrease in enterprise margin, in part is a reflection of the higher burden of stranded costs that business had to carry this quarter and also to be honest, in FY '17. I think the $400 million cost improvement that we announced is going to be largely reflected in improvement in the margins of the enterprise security business, because Norton is already performing at a very profitable level and we've done our homework there already. You would expect that the margin for a standalone software business in this space is getting double-digit and I think with the improvement plans that we have put in place today and talked about today, this enables that path. And we'll get more specific when we talk about FY '17 guidance and beyond on our next earnings call. But without a doubt, we have work in front of us, but we're serious about getting that done.

Mike Brown (President & CEO)

I would just like to add that the stranded costs we talked about which start with some large legacy IT infrastructure and real estate, the large proportion of those of course would get allocated to the enterprise business, as Thomas said, get reflected in those margins. So it doesn't mean that we will be investing less and making the enterprise business the growth business. But we'll have to attack those costs which are now burdening that segment P&L.

Unidentified Analyst (Analyst)

And maybe one quick high-level follow-up. Now being a pure-play security vendor and also having the very large install base that you have, you have unprecedented insight into the macro demand environment for security products. Can you talk a little bit and you touched on it, but could you go a little bit more in depth on the demand environment that you're seeing in calendar 2016 for security overall?

Mike Brown (President & CEO)

We've seen no slowdown in terms of the demand for security products and services. They both have tremendous market opportunity. I think we would all agree that the market opportunity is a significant multiple of what we're showing in growth rate. The market opportunity we feel is there. Customers who have engaged with our strategy, seen our new products, are very excited about what they see. So I think our challenge is really how do we participate in that market growth to a greater extent? Which means better execution on our part, getting out these new products, making sure we're building the pipeline and that will allow us to grow the enterprise business a bit faster so that we're achieving more closely the market growth rate. But given the number and severity of attacks that we see with the global intelligence network that we have, there's no slowdown in terms of the attackers or attacks, and customers continue to reach out saying they need help with this problem.

Operator

And we will go next to Pat Walravens with JMP.

Pat Walravens (Analyst)

Mike, I was hoping you could talk just a little bit about M&A and how you're thinking about it. And in particular, what valuation guidelines you guys use as you evaluate opportunities? Because that's an area of concern I hear from investors sometimes, that you're going to spend all the money on something that's super expensive.

Mike Brown (President & CEO)

We hear those same concerns. I hope today's announcement of a capital return program alleviates some of those concerns, as we've now returned all the proceeds or are in the process of returning all the proceeds of the Veritas transaction to shareholders, because I think that was a concern. As I said before, when Keith and I were talking though, we don't feel this limits our flexibility in terms of looking at potential acquisitions down the road. We have a very strong balance sheet and strong cash flow. But we will be very judicious as we think about this. If you look at our track record for the last 18 months or so, we've only done two small acquisitions. Those were very tightly aligned with the strategy that we've talked about, meaning they significantly add to the Unified Security. In part, that was because we saw that the valuations were such that it was very difficult to make an acquisition, have the right level of returns for ourselves and our shareholders. We're going to continue to be very judicious as we think about what are the right assets that need to be tightly aligned with the strategy and they need to make financial sense over a similar timeframe, meaning a couple of years timeframe for us. It can't be something that's going to pay off 10 years from now. One of the additional capabilities we'll have now is Silver Lake's extensive capability in assessing companies. They are interested in helping us with this issue as well, both from the standpoint of looking at the opportunities, but also in making sure that we understand the targets that we're looking at in depth.

Operator

And we will go next to Walter Pritchard with Citi.

Walter Pritchard (Analyst)

Quick question, one just on the capital return I just want to make sure I understand how you fund it because I do understand you're returning all the dollar amount of the proceeds from Veritas but not all those are in the U.S. Should we expect you to raise incremental debt or do you intend to repatriate some of the funds that are coming in from the Veritas deal?

Thomas Seifert (EVP, CFO)

A good question, Walter. When we talk about the special dividend that is going to be paid in March and also the first step in the buyback program that we announced, if you consider how much domestic cash we have after the Veritas proceeds, then add the money that we get from Silver Lake, we're in good shape to cover that first step. On top of that, there's operational cash flow and then there will be some additional debt involved during the full way, at least until we can bridge a more efficient way to repatriate capital. But I think this is something where we have not crossed all T's and dotted all I's; that is work that is in process. But I think for the first step, the special dividend and the first step towards an efficient buyback in starting already in the fourth quarter. If you look at the domestic cash on hand, we're in good shape to do that.

Walter Pritchard (Analyst)

And then one other question for you, just on the billings. You gave the billings number ex-Veritas for the December period. Could you provide the comparable billings for the prior year or maybe just the growth rate or constant currency growth rate, something to help us put that in context?

Thomas Seifert (EVP, CFO)

I understand your request. There is considerable analysis needed to separate the historical numbers for Veritas and the new numbers for Symantec. Once we have those historical figures available, we can discuss them. Since we just completed the transaction about a week ago, we are not yet able to provide those historical numbers.

Walter Pritchard (Analyst)

Your revenue decreased by about 2% in the security segment. Can you indicate whether your assessment of business growth falls within that range? I don't need an exact billings figure, but any information you can share for additional context would be appreciated.

Thomas Seifert (EVP, CFO)

I believe that when looking at bookings or billings, we have exceeded revenue growth in the third quarter. Let's leave it at that.

Operator

And we will go next to Andrew Nowinski with Piper Jaffray.

Andrew Nowinski (Analyst)

I just have a follow-up to the macro question prior. You constantly hear about how enterprises are losing the battle against hackers and as you said, there's no slowdown in breaches. However, are you guys seeing any shift in priorities within the broader spending environment?

Mike Brown (President & CEO)

I would say that the shift that we're seeing is towards how can you integrate some of the capabilities as opposed to buying more and more point solutions. Many of our customers are saying, I'm overwhelmed with the number of point solutions that are out there, people coming to me saying they've got a clever new way to block this single exploit or what can we do that might help stop one type of attacks and they are looking for something that's a more integrated solution here. How do I get a view across my enterprise? How do I protect myself knowing that there are threats that might have occurred in another part of the world aimed at the same vertical that I am in? That's where I think our strategy is really resonating. So if you think about what we described with ATP, we're giving customers a view across their entire enterprise and then we're giving them access to the global threat intelligence that we have. We're finding that customers are looking for that ability to find a needle in the haystack. How do I see that attack? If I'm a bank, that occurred in an Australian bank today, because the attackers are trying to leverage their business model, but really they are just replicating whatever attacks that worked with another vertical, another part of the world. So that's where I think the Symantec intelligence network really pays off. And then for individual customers, not only that, but again, how do I get an integrated view versus I don't want to be the integrator of 50 different technologies. Those are some of the trends that we're seeing.

Operator

And we will go next to Gray Powell with Wells Fargo.

Gray Powell (Analyst)

Obviously, there are a lot of one-time costs impacting free cash flow this year. How should we think about the normalized free cash flow margin in FY '16 for security? And then, if operating margins improve over the next couple of years, what kind of flow-through should we expect at the free cash flow line? Thanks.

Thomas Seifert (EVP, CFO)

I have waited for this question until we give guidance for FY '17. We had a lot of moving parts with the separation and the restructuring cost. Also, CapEx impacted us on the separation side really, being able to separate that, especially the IT infrastructure. So a normalized operating cash flow number, globally is probably in the neighborhood of $700 million. And then we will have to look at FY '17, the gives and takes that are coming from putting a more efficient capital structure in place, that will have an impact and also how we approach the cost reduction of $400 million is going to have an impact on that number. So there will be a baseline and we'll have to make gives and takes on that number. And then as we generate and make progress on the $400 million cost reductions, that will be a significant tailwind moving forward. I think the run rate number I gave is a good run rate number. And then we'll be more precise at our next earnings call, because I think by then, we understand really what the gives and takes are going to be over FY '17.

Mike Brown (President & CEO)

Probably the tailwind, it would be fair to say, Thomas, will be really heavy at the end of the year. Certainly second two quarters; I wouldn't expect as many in the first quarter.

Operator

And we will take one last question from Philip Winslow with Credit Suisse.

Philip Winslow (Analyst)

Just wanted to focus in on the consumer commentary you gave there about getting back to growth. And obviously you outperformed your expectations this quarter. You talked about distribution, but what are the puts and takes that you see there longer term in getting that back to growth? And then also in what margin context do you think about that?

Mike Brown (President & CEO)

If you think about the broader macro environment, the PC market we're all reading is declining. So what we view this in is that the install base is growing, but growing slowly at this point, so that's the broader context. Now an opportunity for us is to move beyond traditional PC form factor into mobile. We talked about that a bit today. We also talked about additional products that we can add to the used Norton's capabilities. We talked about other capabilities like privacy in the home, like what we could do for IoT as we protect other devices in the home. I think there are other product opportunities that go beyond the traditional PC form factor, but the overwhelming proportion of our business today obviously is PC. And then as we look at the changes we've made in Norton, which are primarily from a channel perspective, significant declines in OEM and retail as we focused on online acquisition and partners. Now that we have a stronger model, as we discussed earlier, which means higher lifetime customer value that we achieved by moving people to subscription, we can look again at where does it make sense to grow in retail and OEM. In fact, retail for the regions outside of North America is already growing again. We don't have that growing in North America, but that's something that we have as a goal for this coming year. And then we talked about earlier in the call, given the strength of the model, we can also look at OEMs as well. So I'm quite optimistic that over the long term, there are enough opportunities for Norton to be able to grow. It's just going to take us a little while to realize those opportunities.

Operator

Thank you, everyone. That does conclude today's conference. We thank you for your participation.
